
Thread: Virtumond (I think) DIFFERENT FROM THE OTHERS! I tried solutions posted none worked.

  1. #11 pskelley (In Memoriam - Always in our heart). Join Date: Oct 2005. Location: Clearwater, Florida. Posts: 20,247

    Nothing seems to happen quickly when Vundo is involved. Have you thought about just deleting that file:
    C:\WINDOWS\system32\vturr.dll <<< delete that file
    (those should be back slashes)

    If you are told it is running, then try this:

    How to use the Delete on Reboot tool
    http://www.bleepingcomputer.com/tuto...42.html#delreb
    Start Hijackthis
    Click on the Config button
    Click on the Misc Tools button
    Click on the button labeled Delete a file on reboot...
    A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file: C:\WINDOWS\system32\vturr.dll and click on it once, and then click on the Open button.
    You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now.

    Let me know what happens

    I have no idea where the system restore files came from.
    This is your computer?

    I do not need a list of popups, just the general direction. Are they trying to sell you rogue products like Winfixer?

    I have no experience with that tool:
    http://www.neuber.com/taskmanager/

    Have a look at this free tool when you have time:
    http://www.microsoft.com/technet/sys...ssmonitor.mspx
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  2. #12 Member. Join Date: Nov 2007. Posts: 56

    Apparently, TrendMicro HiJackThis 2.02 doesn't support delete file on reboot... When I click that button HiJackThis closes and nothing happens.

    The pop-ups are... about everything.

    There are ones asking to buy software,
    there are search sites,
    there are random sites about nothing,
    there are sites selling... camping gear...
    and there are blank pages,
    and other stuff.


    Anyways, thanks for your help. I'll get the ComboFix log up here soon.

  3. #13 pskelley (In Memoriam - Always in our heart). Join Date: Oct 2005. Location: Clearwater, Florida. Posts: 20,247

    I use that tool all of the time; are you sure you are reading the directions? Why not boot to safe mode and delete that file there? There may be more junk; ComboFix should show us.

    Are these popups occurring when you are offline?

    Thanks

  4. #14 Member. Join Date: Nov 2007. Posts: 56

    Thank you. ComboFix seems to have deleted it. It no longer shows up in Security Task Manager. Here is the ComboFix log.

    ComboFix 07-11-19.3 - ver 2007-11-23 15:34:12.3 - NTFSx86
    Running from: C:\Documents and Settings\ver.MAX-93977C49C21\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\inst.exe
    C:\WINDOWS\system32\_000111_.tmp.dll
    C:\WINDOWS\system32\rrutv.ini
    C:\WINDOWS\system32\rrutv.ini2
    C:\WINDOWS\system32\vturr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
    .

    2007-11-23 15:32 124 --a------ C:\WINDOWS\system32\msexcr.ini
    2007-11-22 06:21 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-22 06:15 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-20 23:09 <DIR> d-------- C:\Program Files\Sun
    2007-11-20 22:46 5,097 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
    2007-11-20 22:10 <DIR> d-------- C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\ESET
    2007-11-20 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2007-11-20 06:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-19 22:47 <DIR> d-------- C:\Program Files\Security Task Manager
    2007-11-19 07:16 <DIR> d-------- C:\Program Files\PowerISO
    2007-11-07 21:20 <DIR> d-------- C:\Program Files\MSECache
    2007-11-06 17:52 <DIR> d-------- C:\WINDOWS\kdefense
    2007-11-06 17:52 373,248 --a------ C:\WINDOWS\system32\kdfinj.dll
    2007-11-06 17:52 159,744 --a------ C:\WINDOWS\system32\kdfmgr.exe
    2007-11-06 17:52 73,728 --a------ C:\WINDOWS\system32\kdfapi.dll
    2007-11-06 17:52 61,440 --a------ C:\WINDOWS\system32\kdfmod.dll
    2007-11-06 17:52 47,104 --a------ C:\WINDOWS\system32\Kdfhok.dll
    2007-11-02 15:42 80 -r-hs---- C:\WINDOWS\system32\D3E0F2A377.dll
    2007-11-02 15:40 <DIR> d-------- C:\Program Files\SewerRun
    2007-10-27 08:48 <DIR> d-------- C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\vlc
    2007-10-25 09:27 53,768 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
    2007-10-25 09:27 50,696 --a------ C:\WINDOWS\system32\drivers\epfw.sys
    2007-10-25 09:27 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
    2007-10-25 09:25 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
    2007-10-25 09:25 27,144 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
    2007-10-23 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-10-23 18:10 <DIR> d-------- C:\Program Files\Bonjour
    2007-10-23 17:54 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-10-23 17:14 <DIR> d-------- C:\Program Files\PeerGuardian2
    2007-10-23 16:59 90,112 --a------ C:\WINDOWS\unvise32.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-22 01:00 --------- d-----w C:\Program Files\SpywareBlaster
    2007-11-22 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2007-11-21 07:08 --------- d-----w C:\Program Files\Java
    2007-11-21 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-20 14:37 --------- d-----w C:\Program Files\Lavasoft
    2007-11-20 14:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-20 07:18 --------- d-----w C:\Program Files\华安证券
    2007-11-17 04:25 --------- d-----w C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\Free Download Manager
    2007-11-14 05:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-14 04:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-02 05:48 --------- d-----w C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\dvdcss
    2007-11-02 02:03 47,360 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
    2007-10-27 16:44 --------- d-----w C:\Program Files\VideoLAN
    2007-10-24 02:10 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-16 21:56 528,384 ----a-w C:\WINDOWS\system32\NMWizardJP7.exe
    2007-10-16 02:16 --------- d-----w C:\Program Files\JRJRefInner
    2007-10-15 07:08 --------- d-----w C:\Program Files\JRJRef6VIP
    2007-10-15 07:08 --------- d-----w C:\Program Files\JRJL2RefInner
    2007-10-12 22:35 249,856 ----a-w C:\WINDOWS\system32\NMJ_Util.exe
    2007-10-12 22:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\StumbleUpon
    2007-10-10 00:58 --------- d-----w C:\Program Files\DivX
    2007-10-03 14:30 77,824 ----a-w C:\WINDOWS\system32\NMUninstJP7.exe
    2007-09-29 02:01 229,376 ----a-w C:\WINDOWS\system32\CPGameLauncher.exe
    2007-09-27 02:21 --------- d-----w C:\Program Files\BitComet
    2007-09-10 22:36 497,160 ----a-w C:\WINDOWS\NMUpdate25_1.exe
    2007-08-22 04:09 47,360 ----a-w C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\pcouffin.sys
    2007-07-24 15:49 142 ----a-w C:\Documents and Settings\Administrator\Application Data\fusioncache.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAB16EA1-D927-4318-B8C1-DD171809F90D}]
    C:\WINDOWS\system32\vturr.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-09-26 18:30]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 02:48]
    "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-19 23:21]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:56]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56]

    C:\Documents and Settings\ver.MAX-93977C49C21\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-15 10:41:28]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll

    R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
    R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 CMB8100;CMB8100;\??\C:\WINDOWS\system32\Drivers\CertClient.dat
    R2 CMBProtector;CMBProtector;\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat
    R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
    R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
    R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys
    R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
    R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;C:\WINDOWS\system32\DRIVERS\n100325.sys
    S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
    S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys
    S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\ADBLOCK.DLL
    S4 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\ARP.DLL
    S4 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\CONTENT.DLL
    S4 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\DNSCACHE.DLL
    S4 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\FTPFILT.DLL
    S4 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\HTMLFILT.DLL
    S4 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\HTTPFILT.DLL
    S4 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\IMAPFILT.DLL
    S4 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\MAILFILT.DLL
    S4 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\NNTPFILT.DLL
    S4 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\POP3FILT.DLL
    S4 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\PROTECT.DLL
    S4 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\SECRET.DLL
    S4 VFILT;Lavasoft Firewall Kernel Driver;\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\FILTNT.SYS


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21551A31-41DA-E83C-0207-080407040603}]
    C:\WINDOWS\system32\explore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D3FD05B7-44A7-109F-BB8A-0EF9868230E4}]
    C:\Program Files\Bifrost\---.exe s
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-23 15:37:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-23 15:38:29
    .
    --- E O F ---

    No, the pop-ups only come sometimes when I open webpages when I am online. But, now that vturr.dll is gone, it should stop. HJT log is too long to post here.

  5. #15 Member. Join Date: Nov 2007. Posts: 56

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:43:18, on 2007-11-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_EN\ACCESS~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet 资源搜索 - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 12672 bytes


    thanks.

  6. #16 pskelley (In Memoriam - Always in our heart). Join Date: Oct 2005. Location: Clearwater, Florida. Posts: 20,247

    These files are suspicious and installed on the same day. Use one or more of these free scanners and if they scan bad, delete them.
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/

    C:\WINDOWS\system32\msexcr.ini
    C:\WINDOWS\system32\kdfinj.dll
    C:\WINDOWS\system32\kdfmgr.exe
    C:\WINDOWS\system32\kdfapi.dll
    C:\WINDOWS\system32\kdfmod.dll
    C:\WINDOWS\system32\Kdfhok.dll
    C:\WINDOWS\system32\D3E0F2A377.dll
    "No, the pop-ups only come sometimes when I open webpages when I am online"
    With Vundo, the popups can happen even offline, originating because of the trojans. If you need a good popup blocker, try this one:
    http://toolbar.google.com/T4/index_pack.html
    If you do use it, download it basic, without all the junk they try to get you to accept. Uncheck all but toolbar/blocker.

    Let me know how you are running when you finish these instructions. It might be wise to run a new Kaspersky; please don't post it if it is clean. Make sure to delete ComboFix and the C:\qoobox\quarantine\ folder before you scan.

    Thanks...Phil
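
    The "installed on the same day" reasoning above, written out as a small triage script. This is an added example, not code from the thread or from ComboFix: it parses the format of the "Files Created" section in the ComboFix logs posted here and reports three kinds of leads (several executable-type files dropped under system32 in the same minute, files carrying both hidden and system attributes, and .dll/.exe/.sys names on files too small to hold a PE image). The sample lines are copied from the log above; the MIN_PE_BYTES floor and the cluster threshold are assumptions chosen for the example.

```python
"""Triage leads from a ComboFix "Files Created" section (added example).

Heuristics (leads to verify with the online scanners named above, not verdicts):
  * several executable-type files written under system32 in the same minute
  * files carrying both the hidden (h) and system (s) attributes
  * .dll/.exe/.sys files too small to be a loadable PE image
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One "Files Created" line looks like either of these (taken from the log above):
#   2007-11-06 17:52 373,248 --a------ C:\WINDOWS\system32\kdfinj.dll
#   2007-11-22 06:21 <DIR> d-------- C:\WINDOWS\ERUNT
# The 9-character attribute field uses d/r/a/h/s letters and '-' for unset bits.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>\S.*?)\s*$",
    re.IGNORECASE,
)
EXEC_EXT = (".dll", ".exe", ".sys", ".ocx", ".scr")
# Assumed conservative floor: no loadable PE image is anywhere near this small,
# so an 80-byte ".dll" is a data or marker file wearing an executable extension.
MIN_PE_BYTES = 88

# Constructed sample: an excerpt of the first ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2007-11-23 15:32 124 --a------ C:\WINDOWS\system32\msexcr.ini
2007-11-22 06:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-20 22:46 5,097 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-06 17:52 <DIR> d-------- C:\WINDOWS\kdefense
2007-11-06 17:52 373,248 --a------ C:\WINDOWS\system32\kdfinj.dll
2007-11-06 17:52 159,744 --a------ C:\WINDOWS\system32\kdfmgr.exe
2007-11-06 17:52 73,728 --a------ C:\WINDOWS\system32\kdfapi.dll
2007-11-06 17:52 61,440 --a------ C:\WINDOWS\system32\kdfmod.dll
2007-11-06 17:52 47,104 --a------ C:\WINDOWS\system32\Kdfhok.dll
2007-11-02 15:42 80 -r-hs---- C:\WINDOWS\system32\D3E0F2A377.dll
2007-10-25 09:27 53,768 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-10-25 09:27 50,696 --a------ C:\WINDOWS\system32\drivers\epfw.sys
2007-10-25 09:27 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
"""


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for <DIR> lines
    attrs: str           # lower-cased 9-character attribute field
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def hidden_and_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs

    @property
    def in_system32(self) -> bool:
        return "\\system32\\" in self.path.lower()

    @property
    def executable_ext(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


def parse_files_created(text: str) -> List[Entry]:
    """Parse the lines of a ComboFix 'Files Created' section; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, '.' separators, blank lines
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], m["time"], size, m["attrs"].lower(), m["path"]))
    return entries


def find_leads(entries: List[Entry], min_cluster: int = 3) -> Dict[str, list]:
    """Return triage leads keyed by heuristic; clusters are (minute, [paths]), newest first."""
    leads: Dict[str, list] = {"hidden_system": [], "too_small_to_be_pe": [], "same_minute_clusters": []}
    by_minute: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for e in entries:
        if e.is_dir:
            continue
        if e.hidden_and_system:
            leads["hidden_system"].append(e.path)
        if e.executable_ext and e.size < MIN_PE_BYTES:
            leads["too_small_to_be_pe"].append(e.path)
        if e.in_system32 and e.executable_ext:
            by_minute[(e.date, e.time)].append(e.path)
    for (date, time), paths in sorted(by_minute.items(), reverse=True):
        if len(paths) >= min_cluster:
            leads["same_minute_clusters"].append((f"{date} {time}", paths))
    return leads


if __name__ == "__main__":
    for kind, items in find_leads(parse_files_created(SAMPLE_LOG)).items():
        print(f"{kind}:")
        for item in items:
            print("   ", item)
```

    Note that the ESET drivers written on 2007-10-25 form a cluster of the same shape as the kdf* drop, which is why a cluster is only a lead to check against the machine's known install history (egui was installed that day per the Run key above).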

  7. #17 Member. Join Date: Nov 2007. Posts: 56

    Hello,

    When I used the virus scanners you provided, it did not show any of the files as a virus. However, when I googled kdfmgr.exe it was shown as a virus. So, I followed online steps and created a CFScript with C:\WINDOWS\system32\kdfmgr.exe, and executed ComboFix. Here is the log. I will upload the Kaspersky log soon.


    ComboFix 07-11-19.3 - ver 2007-11-23 17:49:37.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.936.1.1033.18.143 [GMT -8:00]
    Running from: C:\Documents and Settings\ver.MAX-93977C49C21\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ver.MAX-93977C49C21\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
    .

    2007-11-23 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-23 17:11 124 --a------ C:\WINDOWS\system32\msexcr.ini
    2007-11-22 06:21 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-22 06:15 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-20 23:09 <DIR> d-------- C:\Program Files\Sun
    2007-11-20 22:46 5,097 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
    2007-11-20 22:10 <DIR> d-------- C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\ESET
    2007-11-20 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2007-11-20 06:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-19 22:47 <DIR> d-------- C:\Program Files\Security Task Manager
    2007-11-19 07:16 <DIR> d-------- C:\Program Files\PowerISO
    2007-11-07 21:20 <DIR> d-------- C:\Program Files\MSECache
    2007-11-06 17:52 <DIR> d-------- C:\WINDOWS\kdefense
    2007-11-06 17:52 373,248 --a------ C:\WINDOWS\system32\kdfinj.dll
    2007-11-06 17:52 159,744 --a------ C:\WINDOWS\system32\kdfmgr.exe
    2007-11-06 17:52 73,728 --a------ C:\WINDOWS\system32\kdfapi.dll
    2007-11-06 17:52 61,440 --a------ C:\WINDOWS\system32\kdfmod.dll
    2007-11-06 17:52 47,104 --a------ C:\WINDOWS\system32\Kdfhok.dll
    2007-11-02 15:42 80 -r-hs---- C:\WINDOWS\system32\D3E0F2A377.dll
    2007-10-27 08:48 <DIR> d-------- C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\vlc
    2007-10-25 09:27 53,768 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
    2007-10-25 09:27 50,696 --a------ C:\WINDOWS\system32\drivers\epfw.sys
    2007-10-25 09:27 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
    2007-10-25 09:25 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
    2007-10-25 09:25 27,144 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-24 01:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2007-11-24 01:35 --------- d-----w C:\Program Files\Google
    2007-11-22 01:00 --------- d-----w C:\Program Files\SpywareBlaster
    2007-11-21 07:08 --------- d-----w C:\Program Files\Java
    2007-11-21 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-20 14:37 --------- d-----w C:\Program Files\Lavasoft
    2007-11-20 14:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-20 07:18 --------- d-----w C:\Program Files\华安证券
    2007-11-17 04:25 --------- d-----w C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\Free Download Manager
    2007-11-14 05:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-14 04:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-02 05:48 --------- d-----w C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\dvdcss
    2007-11-02 02:03 47,360 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
    2007-10-27 16:44 --------- d-----w C:\Program Files\VideoLAN
    2007-10-24 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-10-24 02:10 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-24 02:10 --------- d-----w C:\Program Files\Bonjour
    2007-10-24 01:58 --------- d-----w C:\Program Files\PeerGuardian2
    2007-10-24 01:54 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2007-10-16 21:56 528,384 ----a-w C:\WINDOWS\system32\NMWizardJP7.exe
    2007-10-16 02:16 --------- d-----w C:\Program Files\JRJRefInner
    2007-10-15 07:08 --------- d-----w C:\Program Files\JRJRef6VIP
    2007-10-15 07:08 --------- d-----w C:\Program Files\JRJL2RefInner
    2007-10-12 22:35 249,856 ----a-w C:\WINDOWS\system32\NMJ_Util.exe
    2007-10-12 22:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\StumbleUpon
    2007-10-10 00:58 --------- d-----w C:\Program Files\DivX
    2007-10-03 14:30 77,824 ----a-w C:\WINDOWS\system32\NMUninstJP7.exe
    2007-09-29 02:01 229,376 ----a-w C:\WINDOWS\system32\CPGameLauncher.exe
    2007-09-27 02:21 --------- d-----w C:\Program Files\BitComet
    2007-09-10 22:36 497,160 ----a-w C:\WINDOWS\NMUpdate25_1.exe
    2007-08-22 04:09 47,360 ----a-w C:\Documents and Settings\ver.MAX-93977C49C21\Application Data\pcouffin.sys
    2007-07-24 15:49 142 ----a-w C:\Documents and Settings\Administrator\Application Data\fusioncache.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-09-26 18:30]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 02:48]
    "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-19 23:21]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56]

    C:\Documents and Settings\ver.MAX-93977C49C21\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-23 17:34:03]
    Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-15 10:41:28]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll

    R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
    R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 CMB8100;CMB8100;\??\C:\WINDOWS\system32\Drivers\CertClient.dat
    R2 CMBProtector;CMBProtector;\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat
    R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
    R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
    R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys
    R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
    R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;C:\WINDOWS\system32\DRIVERS\n100325.sys
    S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
    S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys
    S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\ADBLOCK.DLL
    S4 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\ARP.DLL
    S4 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\CONTENT.DLL
    S4 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\DNSCACHE.DLL
    S4 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\FTPFILT.DLL
    S4 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\HTMLFILT.DLL
    S4 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\HTTPFILT.DLL
    S4 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\IMAPFILT.DLL
    S4 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\MAILFILT.DLL
    S4 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\NNTPFILT.DLL
    S4 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\POP3FILT.DLL
    S4 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\PROTECT.DLL
    S4 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\SECRET.DLL
    S4 VFILT;Lavasoft Firewall Kernel Driver;\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\FILTNT.SYS

    *Newly Created Service* - GUSVC

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21551A31-41DA-E83C-0207-080407040603}]
    C:\WINDOWS\system32\explore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D3FD05B7-44A7-109F-BB8A-0EF9868230E4}]
    C:\Program Files\Bifrost\---.exe s
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-23 17:52:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-23 17:53:42
    C:\ComboFix2.txt ... 2007-11-23 15:38
    .
    --- E O F ---


    thanks.
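The "Reg Loading Points" section of the ComboFix log above is an enumeration of autostart locations: the Run keys, AppInit_DLLs, the driver and service list, and Active Setup Installed Components. The following Python is an added example, not ComboFix's code and not part of the original post: it parses that listing format and applies a few triage rules a helper would otherwise apply by eye (file names that imitate Windows binaries, image names with no letters in them, service images that are neither .sys nor .exe, a non-empty AppInit_DLLs, any non-default Active Setup stub, and Run values for which ComboFix printed no file date). SAMPLE_LOG is a constructed excerpt that copies lines from the log posted above; the similarity threshold and the list of Windows binary names are the example's own choices, and the reading of an empty `[]` as "file not resolved" is an assumption to be checked by hand.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.
Added example, not ComboFix's code: SAMPLE_LOG is a constructed excerpt that
copies lines from the log posted above; the rules and name list are my own."""
import re
from difflib import SequenceMatcher
from typing import List, NamedTuple, Optional

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R2 CMB8100;CMB8100;\??\C:\WINDOWS\system32\Drivers\CertClient.dat
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21551A31-41DA-E83C-0207-080407040603}]
C:\WINDOWS\system32\explore.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D3FD05B7-44A7-109F-BB8A-0EF9868230E4}]
C:\Program Files\Bifrost\---.exe s
"""

class Entry(NamedTuple):
    kind: str       # run | appinit | service | activesetup
    location: str   # registry key, or the service's short name
    name: str
    path: str       # value exactly as ComboFix printed it
    stamp: str      # file date ComboFix printed for Run values, "" if none

Finding = NamedTuple("Finding", [("rule", str), ("location", str), ("path", str)])

RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);([^;]*);(.*)$')
# First image on a value: optional quote, optional \??\ NT prefix, then the shortest prefix ending in an extension.
IMAGE_RE = re.compile(r'^"?(?:\\\?\?\\)?(.+?\.[A-Za-z0-9]{2,4})(?="|\s|$)')
# Names that malware commonly imitates (the example's own short list, not from the page).
WINDOWS_BINARIES = ("explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                    "winlogon.exe", "services.exe", "spoolsv.exe", "rundll32.exe", "ctfmon.exe")

def parse_loading_points(text: str) -> List[Entry]:
    """Turn ComboFix's autostart listing into Entry records."""
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("*"):
            key = "" if line.startswith("*") else key  # a "*Note*" or "****" line ends the current key
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                           # registry key header
            continue
        if (m := APPINIT_RE.match(line)):
            entries.append(Entry("appinit", key, "AppInit_DLLs", m.group(1), ""))
        elif (m := RUN_RE.match(line)):
            entries.append(Entry("run", key, m.group(1), m.group(2), m.group(3)))
        elif (m := SERVICE_RE.match(line)):
            entries.append(Entry("service", m.group(1), m.group(2), m.group(3), ""))
        elif "active setup\\installed components" in key.lower():
            # ComboFix prints the Active Setup StubPath on the line after its key.
            entries.append(Entry("activesetup", key, key.rsplit("\\", 1)[-1], line, ""))
    return entries

def image_basename(path: str) -> str:
    """Lower-case file name of the first image in a ComboFix value."""
    m = IMAGE_RE.match(path)
    image = m.group(1) if m else path.strip('"').split(" ")[0]
    return image.rsplit("\\", 1)[-1].lower()

def lookalike(basename: str) -> Optional[str]:
    """The Windows binary name this file name imitates, or None if it is one or unlike any."""
    if basename in WINDOWS_BINARIES:
        return None
    return next((k for k in WINDOWS_BINARIES
                 if SequenceMatcher(None, basename, k).ratio() >= 0.85), None)

def triage(text: str) -> List[Finding]:
    """Apply the triage rules to every parsed autostart entry."""
    out: List[Finding] = []
    for e in parse_loading_points(text):
        base = image_basename(e.path)
        known = lookalike(base)
        flags = [f"name resembles {known}"] if known else []
        if not re.search(r"[a-z]", base.rsplit(".", 1)[0]):
            flags.append("basename has no letters")
        if e.kind == "appinit" and e.path.strip():
            flags.append("AppInit_DLLs: loaded into every process that maps user32.dll")
        if e.kind == "service" and not base.endswith((".sys", ".exe")):
            flags.append("service image is not a .sys or .exe")
        if e.kind == "activesetup":
            flags.append("Active Setup stub runs once per user at logon; ComboFix hides defaults, verify it")
        if e.kind == "run" and not e.stamp:
            flags.append("no file date recorded: missing file or a command line, check by hand")
        out.extend(Finding(rule, e.location, e.path) for rule in flags)
    return out
```

Run `triage(open("ComboFix.txt").read())` on a saved log, or `triage(SAMPLE_LOG)` for the excerpt. On the excerpt the rules single out the `explore.exe` stub (one letter short of explorer.exe), the `---.exe` stub, the driver loaded from a `.dat` file, the AppInit_DLLs hook, and the Run value with no file date, while the ordinary QuickTime, ESET and easdrv entries produce nothing. The flags are prompts for a human, not verdicts: a name-based rule cannot tell a legitimate third-party hook from an injected one, so each hit still has to be checked against the vendor and the file's properties.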

  8. #18
    Member; Join Date: Nov 2007; Posts: 56

    Hello again.

    Kaspersky didn't pick up anything else. Is there anything left for me to do? Which programs should I delete? Thanks.

  9. #19
    pskelley (In Memoriam - Always in our heart); Join Date: Oct 2005; Location: Clearwater, Florida; Posts: 20,247

    Delete all tools we downloaded for this cleanup; they do not update and must be downloaded fresh if ever needed again.

    Run Clean Manager
    http://spyware-free.us/tutorials/cleanmgr/

    Safe surfing

    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...wcomputer.html

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html

  10. #20
    Member; Join Date: Nov 2007; Posts: 56

    Thank you. I would donate for your generous help, but I don't have a credit card yet :S

    My parents don't support me donating..

    Anyways, thank you for solving my problems.
